---
layout: layouts/base.njk
---
<div class="o-layout__sidebar"></div>
<div class="o-layout__main o-layout-typography">
	<h1 id="security-policy">Security Policy</h1>
	<h2 id="responsible-disclosure-security-policy">Responsible disclosure security policy</h2>
	<p>
		A responsible disclosure policy helps protect users of the project from publicly disclosed
		security vulnerabilities without a fix by employing a process where vulnerabilities are first
		triaged in a private manner, and only publicly disclosed after a reasonable time period that
		allows patching the vulnerability and provides an upgrade path for users.
	</p>
	<p>
		When contacting us directly via email, we will do our best efforts to respond in a reasonable
		time to resolve the issue. When contacting a security program their disclosure policy will
		provide details on time-frame, processes and paid bounties.
	</p>
	<p>
		We kindly ask you to refrain from malicious acts that put our users, the project, or any of
		the project’s team members at risk.
	</p>

	<h2 id="reporting-a-security-issue">Reporting a security issue</h2>
	<p>
		We consider the security of our systems a top priority. But no matter how much effort we put
		into system security, there can still be vulnerabilities present.
	</p>
	<p>
		If you discover a security vulnerability, report the security issue to the Financial Times through the HackerOne form below. 
		HackerOne will help triage the security issue and work with all involved parties to remediate and release a fix.
		They will also provide details on time-frame, processes and paid bounties.
	</p>
	<p>
		Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken
		into account to acknowledge your contributions.
	</p>

	<iframe src="https://hackerone.com/bc64093f-2cbb-4247-9e7b-42b6b9d8f474/embedded_submissions/new" frameborder="0" style="border:none; width:100%; height:1000px;" class="o-layout__main__full-span"></script>

</div>
